CVE List - High-Risk and Confirmed-Exploited Vulnerabilities

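This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks exploitability based on exploit references and the availability of PoCs. Together with the context of vendor fixes and mitigations, it helps you set priorities, keep response cycles short, and protect critical assets.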

Assigner (CNA / issuer): [email protected]

CVSS score
Showing 6180 / 113
| CVE | Description | CVSS (max) | EPSS (%) | Published | Updated |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-6747 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 5.3 | 0.42% | 2024-10-10 | 2026-06-17 |
| CVE-2024-38862 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators. | 5.1 | 0.32% | 2024-10-14 | 2026-06-17 |
| CVE-2024-38863 | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 5.1 | 0.41% | 2024-10-14 | 2026-06-17 |
| CVE-2024-47094 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.7 | 0.21% | 2024-11-29 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | 4.8 | 0.18% | 2024-12-19 | 2026-06-17 |
| CVE-2025-1075 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | 5.6 | 0.29% | 2025-02-19 | 2026-06-17 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1 | 7.7 | 0.35% | 2025-03-03 | 2026-06-17 |
| CVE-2025-2596 | Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | 2.3 | 0.20% | 2025-03-26 | 2026-06-17 |
| CVE-2024-38865 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 6.0 | 0.71% | 2025-04-10 | 2026-06-17 |
| CVE-2025-2092 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 7.1 | 0.29% | 2025-04-22 | 2026-06-17 |
| CVE-2025-3506 | Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | 6.3 | 0.27% | 2025-05-08 | 2026-06-17 |
| CVE-2025-32917 | Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | 5.2 | 0.26% | 2025-05-13 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |
| CVE-2025-32915 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 4.3 | 0.06% | 2025-05-22 | 2026-06-17 |
| CVE-2024-38866 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection | 5.3 | 0.30% | 2025-05-27 | 2026-06-17 |
| CVE-2024-47090 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | 5.1 | 0.19% | 2025-05-27 | 2026-06-17 |
| CVE-2025-32918 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | 5.3 | 0.33% | 2025-07-04 | 2026-06-17 |
| CVE-2025-58123 | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58124 | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
cvelogic Threat Intelligence